Protecting Chrome users from malicious extensions

Discussion in 'other software & services' started by pegas, May 28, 2014.

Thread Status:
Not open for further replies.
  1. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    Since 27th May extensions can be installed only if they're hosted on the Chrome Web Store. With this change, extensions that were previously installed may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store.

    Full article on Google Chrome Blog
     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is about taking control away from users, not about protecting them.
     
  3. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Funny, I had one not from their web store and I just checked, it's still enabled and I can disable it and then enable it again.
    It says though that it's not from Web Store, but it works.
     
  4. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    Sure but look at Google Play. It is full of rubbish applications which are of no use and only pose high security risks. It's hard to find a middle way ...
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Exactly, it only "protects" people who shouldn't be using a computer in the first place. They already made it more than secure enough forcing us to go through all those hoops just to install something outside of the Chrome Web Store.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Why would you say that? Security wise it´s a good thing, if I´m correct Opera also does this.

    I wonder if they check all extensions that are posted on that site. Browser extensions are a huge risk, it´s best to use as less as possible.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    What does it really add to security? How is the current protections from non-Chrome Store extensions not enough? This is clearly taking control away from users, would you like it if Windows decides what you can or cannot install?
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Because it is true?

    I didn't pretend that it doesn't have a security effect (at least for a certain category of users), but I would gladly give that up in order to keep my choices.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Do you have any proof? It´s really not a good idea to install extensions from random sites. :)

    EDIT:

    OK I see, but IMO it´s a good move, not all of us are security experts, most people don´t know a lot about PC security.
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Yes. Google makes a decision (to allow a user or not to run an extension) instead of the user. That is giving more control to Google and less to the users.

    Maybe, but Google shouldn't decide that for me.
     
  11. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Google has done stuff like this before, they were in the past automatically removing the Internet Download Manager extension & others & loads of users were complaining on the Google product forums, Google said they did it due to security issue which was horse manure, it was removed due it allowing YouTube videos to be downloaded.

    Ways Google ignores it users

    1. Increased the menu padding on chrome menus & bookmarks menu which annoyed most users as it then made using bookmarks more awkward.
    2. Automatically removing extensions without warning requiring users to run chrome with a flag that disabled malware protection & extension checking.
    3. Messing up all their web apps interfaces with useless changes that were more form over function.
    4. Constantly forcing Google+ on users & making it impossible to make comments in the play store or on YouTube unless they had + account.
    5. Changing the new tab page so it had a massive google logo & search box (even though you can search from address bar) then saying use a NTP extension if you don't like it
    6. Changes to the microSD support in KitKat 4.4 that made it impossible to copy or delete files from the microSD & apps & games couldn't put data there to save space in the internal SD.
    7. Forcing the little chrome notification bell icon on users with no way to remove or disable it, it even ignores windows notification settings to hide it.

    For a company that had the motto "Do No Evil" they certainly like to go out of their way to annoy folk.
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    As if the Chrome Web Store is the only non-random site for extensions. Just because you don't use them doesn't mean Google-censored extensions are worth sacrificing to be a little closer to idiot-proof "protection".

    As if it has anything to do with that. If a user deliberately downloads an extension and manually adds it to Chrome, they deserve the results. It was their choice, and I sure as hell don't want someone else deciding for me. How does it even protect click-happy users with infinite vectors for infection?
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    I wonder, if it also affects Chrome based browsers?! :doubt:
     
  14. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    I think it relates to all Chromium/Blink browsers which use *.crx extensions.
     
  15. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    If you install and use Chrome Google is already deciding a gazillion things for you. The same goes with any other program, in fact. They are entitled to do whatever they want to make their product safer as long as it's not illegal. The choice is yours to use it or not.
     
  16. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I will say it again: this is not about Google making their product safer, it is about offering less choice to their users. I didn't say that they can't do whatever they want with their product, I was talking about building a piece of software (browser in this case) that gives its user base choices about how to use it, not just "use it or find another".
     
  17. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    I beg to differ. Apple since beginning allows installation only via App Store/iTunes, so can you blame them that they are giving less choices to users? No, because there is no discussion whatsoever about choices. It was their decision and users were not given other choice. Take it or leave it. Google with Android was more benevolent in this respect and therefore Goole now reaps the rewards in form of many problems with security and stability of Android.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Naturally that is one way of looking at this. And it is understandable that you would feel it is so.
    But instead of saying it is taking control away from user, say instead it is giving control to Google.
    That is the goal here, from what I see.
    And it does not seem to be an unreasonable requirement that Google is handing down... extensions can be installed only if they're hosted on the Chrome Web Store.
    Big deal!
    Per the Chrome Blog, "If you're a developer and your extension isn't in the store yet, please submit it today."
    There's a one-time developer fee of 5 bucks, and whatever vetting is performed by Google (hopefully some vetting is performed!) takes place uniformly.
    I see it as control being given back to Google for the purpose of restoring a more orderly and manageable process.
    Users who are distraught with this change should get on the developer who needs to submit his app to the Web Store.
     
  19. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    745
    Location:
    Canada
    I don't get the drama.

    I install my own extension without going through the Chrome store. I can do the same if I want with all those extensions one can find on Github.
     
  20. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is also a correct way of seeing this move. But from my perspective less choice for users and more control for Google (or any other corporation) is the wrong way of doing things. I know that not everyone agrees with this view, but given how Google/corporations do things, it is highly unlikely that I will change it in the foreseeable future.

    This is one of the reasons I don't touch Apple products. And yes, I can blame them :)
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    The likelihood of you changing Google in the foreseeable future? Was that ever in play? ;)
     
  22. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I was talking about changing my view, not about Google, but it seems that I need to improve my English :)
     
  23. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Ah ha. I went back and read your comment more carefully, and it looks to me like you expressed yourself perfectly, and that I misunderstood.
    Sorry for not understanding what you wrote. :)
    As for not changing your views, my only goal in replying in the first place was to proffer another perspective, and most importantly, to suggest that anyone who is upset with Google might better turn their frustration toward the developer of the extension they use who is not submitting his app to the Chrome Web Store.
    Take care, Nebulus.
     
    Last edited: May 30, 2014
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    @Page42: Oh and Google is perfect and error-free. No censorship there, move along. As if, don't give me that "Big Deal!" crap. Nobody countered even one of my points, I wonder why.
     
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Because you didn't make them very well? Just guessing.
    Or because they don't like arguing with you? Another guess.
     
Loading...
Thread Status:
Not open for further replies.